Tuesday, May 14, 2024

FortiGate_Email Alerts

※Note 1: From FortiOS 6.4 onward the GUI no longer has an "Email Alert Settings" page; alert email is configured from the CLI only.
※Note 2: If VDOMs are enabled, `config alertemail setting` is per-VDOM and has to be configured once in every VDOM that should send alerts (the email server itself is global).

《Step 1: Configure the Email Server》

GUI: 《System》→《Settings》 (Email Service section)
FGT201E # config system email-server
FGT201E (email-server) # set

type                     Use FortiGuard Message service or custom email server.
reply-to                 Reply-To email address.
server                   SMTP server IP address or hostname.
port                     SMTP server port.
source-ip                SMTP server IPv4 source IP.
source-ip6               SMTP server IPv6 source IP.
authenticate             Enable/disable authentication.
validate-server          Enable/disable validation of server certificate.
security                 Connection security used by the email server.
ssl-min-proto-version    Minimum supported protocol version for SSL/TLS connections (default is to follow system global setting).

FGT201E (email-server) # get
type                  : custom
reply-to              : Infosecure-FGT201E@gmail.com
server                : notification.fortinet.net
port                  : 465
source-ip             : 0.0.0.0
source-ip6            : ::
authenticate          : disable
validate-server       : disable
security              : smtps
ssl-min-proto-version : default
FGT201E (email-server) # end

※Caveat: `validate-server disable` means the FortiGate does not check the SMTP server's certificate, so the SMTPS session can be intercepted by anyone able to redirect the connection. On a production unit set `validate-server enable`, and when `type` is `custom` point `server` at your own SMTP relay with `authenticate enable` and a dedicated mailbox account; leave `type fortiguard` if you intend to use notification.fortinet.net.


《Step 2: Email Alert Settings》

※GUI: 《Log & Report》→《Email Alert Settings》 (FortiOS 6.2 and earlier only; from 6.4 this is CLI-only, see Note 1)

FGT201E # config alertemail setting

《※Send alert mail by "system event" (category)》

FGT201E (setting) # set filter-mode category   // pick one of category / threshold!
※category = filter by system event (log type); threshold = filter by severity level

FGT201E (setting) # set 
username                               Name that appears in the From: field of alert emails (max. 36 characters).
mailto1                                Email address to send alert email to (usually a system administrator) (max. 64 characters).
mailto2                                Optional second email address to send alert email to (max. 64 characters).
mailto3                                Optional third email address to send alert email to (max. 64 characters).
filter-mode                            How to filter log messages that are sent to alert emails.
email-interval                         Interval between sending alert emails (1 - 99999 min, default = 5).
IPS-logs                               Enable/disable IPS logs in alert email.
firewall-authentication-failure-logs   Enable/disable firewall authentication failure logs in alert email.
HA-logs                                Enable/disable HA logs in alert email.
IPsec-errors-logs                      Enable/disable IPsec error logs in alert email.
FDS-update-logs                        Enable/disable FortiGuard update logs in alert email.
PPP-errors-logs                        Enable/disable PPP error logs in alert email.
sslvpn-authentication-errors-logs      Enable/disable SSL-VPN authentication error logs in alert email.
antivirus-logs                         Enable/disable antivirus logs in alert email.
webfilter-logs                         Enable/disable web filter logs in alert email.
configuration-changes-logs             Enable/disable configuration change logs in alert email.
violation-traffic-logs                 Enable/disable violation traffic logs in alert email.
admin-login-logs                       Enable/disable administrator login/logout logs in alert email.
FDS-license-expiring-warning           Enable/disable FortiGuard license expiration warnings in alert email.
log-disk-usage-warning                 Enable/disable disk usage warnings in alert email.
FSSO-disconnect-logs                   Enable/disable logging of FSSO collector agent disconnect.
ssh-logs                               Enable/disable SSH logs in alert email.
FDS-license-expiring-days              Number of days to send alert email prior to FortiGuard license expiration (1 - 100 days, default = 100).
local-disk-usage                       Disk usage percentage at which to send alert email (1 - 99 percent, default = 75).

FGT201E (setting) # get
username                             : Infosecure-FGT201E@gmail.com
mailto1                              : jimmy@infosecure.com.tw
mailto2                              :
mailto3                              :
filter-mode                          : category
email-interval                       : 5
IPS-logs                             : enable
firewall-authentication-failure-logs : disable
HA-logs                              : disable
IPsec-errors-logs                    : disable
FDS-update-logs                      : disable
PPP-errors-logs                      : disable
sslvpn-authentication-errors-logs    : disable
antivirus-logs                       : enable
webfilter-logs                       : disable
configuration-changes-logs           : enable
violation-traffic-logs               : disable
admin-login-logs                     : enable
FDS-license-expiring-warning         : disable
log-disk-usage-warning               : disable
FSSO-disconnect-logs                 : disable
ssh-logs                             : disable
FDS-license-expiring-days            : 15
local-disk-usage                     : 75
FGT201E (setting) #


《※Send alert mail by "severity level" (threshold)》

FGT201E (setting) # set filter-mode threshold   // pick one of category / threshold!
※category = filter by system event (log type); threshold = filter by severity level

FGT201E (setting) # set 
username                 Name that appears in the From: field of alert emails (max. 36 characters).
mailto1                  Email address to send alert email to (usually a system administrator) (max. 64 characters).
mailto2                  Optional second email address to send alert email to (max. 64 characters).
mailto3                  Optional third email address to send alert email to (max. 64 characters).
filter-mode              How to filter log messages that are sent to alert emails.
emergency-interval       Emergency alert interval in minutes.
alert-interval           Alert alert interval in minutes.
critical-interval        Critical alert interval in minutes.
error-interval           Error alert interval in minutes.
warning-interval         Warning alert interval in minutes.
notification-interval    Notification alert interval in minutes.
information-interval     Information alert interval in minutes.
debug-interval           Debug alert interval in minutes.
severity                 Lowest severity level to log. (Default = alert)

FGT201E (setting) # set severity critical
FGT201E (setting) # get
username              : Infosecure-FGT201E@gmail.com
mailto1               : jimmy@nextec.tw
mailto2               :
mailto3               :
filter-mode           : threshold
emergency-interval    : 1
alert-interval        : 2
critical-interval     : 3
error-interval        : 5
warning-interval      : 10
notification-interval : 20
information-interval  : 30
debug-interval        : 60
severity              : critical
FGT201E (setting) #

※With `severity critical`, only log messages at critical, alert or emergency level are mailed; each `*-interval` is the minimum number of minutes between two alert mails of that level, so the lower-severity intervals above have no effect until `severity` is lowered.


※Test command (sends one test alert to the configured recipients):  diagnose log alertmail test
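※Complete worked example, added here as an illustration (it is not taken from the original post or from Fortinet's documentation): Step 1 and Step 2 as one pasteable CLI script, with the weak settings visible in the `get` output above (`authenticate disable`, `validate-server disable`) replaced by hardened ones. The SMTP relay `smtp.example.com`, the mailbox `fgt-alerts@example.com`, the recipient `soc@example.com` and the password are placeholders of my own that must be replaced with your values. Lines beginning with `#` are annotations; drop them if you paste into an interactive session.

```text
# Step 1 (global scope): your own SMTP relay, authenticated, with the
# server certificate validated and TLS 1.2 as the floor.
# Hostname, account and password are placeholders (assumptions), not values from the post.
config system email-server
    set type custom
    set server "smtp.example.com"
    set port 587
    set security starttls
    set ssl-min-proto-version TLSv1-2
    set validate-server enable
    set authenticate enable
    set username "fgt-alerts@example.com"
    set password "REPLACE-WITH-MAILBOX-PASSWORD"
    set reply-to "fgt-alerts@example.com"
end

# Step 2 (VDOM scope; repeat in every VDOM when VDOMs are enabled):
# category mode, mailing the events an operator wants to hear about promptly.
config alertemail setting
    set username "fgt-alerts@example.com"
    set mailto1 "soc@example.com"
    set filter-mode category
    set email-interval 5
    set admin-login-logs enable
    set configuration-changes-logs enable
    set firewall-authentication-failure-logs enable
    set sslvpn-authentication-errors-logs enable
    set IPS-logs enable
    set antivirus-logs enable
    set HA-logs enable
    set FDS-license-expiring-warning enable
    set FDS-license-expiring-days 30
    set log-disk-usage-warning enable
    set local-disk-usage 80
end

# Alternative to the block above (filter-mode is one or the other, not both):
# mail only critical/alert/emergency messages, at most one critical mail per 3 minutes.
# config alertemail setting
#     set filter-mode threshold
#     set severity critical
#     set critical-interval 3
# end

# Send one test alert and confirm it arrives in the mailto1 mailbox.
diagnose log alertmail test
```

With VDOMs enabled, enter `config global` before the `email-server` block and `config vdom` → `edit <vdom>` before the `alertemail setting` block, once per VDOM (Note 2). Port 587 with STARTTLS is the submission port most relays expose; if your relay only offers implicit TLS, use `set port 465` and `set security smtps` as in the original output, keeping `validate-server enable` either way. If the test mail does not arrive, check that the relay accepts the FortiGate's source address and that the mailbox account is permitted to send as the `From:` name set in `username`.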


※Reference 1 (applies to FortiOS 6.2 and earlier):
https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-configure-alert-email-settings/ta-p/194102

※Reference 2 (applies to FortiOS 6.4 and later):
https://docs.fortinet.com/document/fortigate/7.4.3/administration-guide/526019/email-alerts